When I first set up the Zabbly repositories for kernel builds, Incus and ZFS, I created a GPG key with a 2 years validity. Those 2 years are going to be up in just a few days (August 22nd).
I’ve updated the key, renewing it for 5 years (new expiry is August 18th 2030) but existing systems need to be refreshed with the new key to keep getting updates.
Here is how to do it safely:
1. Check the currently trusted key
root@d13:~# cat /etc/apt/keyrings/zabbly.asc | gpg --import-options show-only --import
pub rsa3072 2023-08-23 [SC] [expires: 2025-08-22]
4EFC590696CB15B87C73A3AD82CC8797C838DCFD
uid Zabbly Kernel Builds <info@zabbly.com>
sub rsa3072 2023-08-23 [E] [expires: 2025-08-22]
2. Download the new (renewed) key
root@d13:~# curl -s https://pkgs.zabbly.com/key.asc -o zabbly.asc
3. Confirm the new key is just a renewed version
root@d13:~# cat zabbly.asc | gpg --import-options show-only --import
pub rsa3072 2023-08-23 [SC] [expires: 2030-08-17]
4EFC590696CB15B87C73A3AD82CC8797C838DCFD
uid Zabbly Kernel Builds <info@zabbly.com>
sub rsa3072 2023-08-23 [E] [expires: 2030-08-17]
At this step, it’s important to make sure that the fingerprint of the key is the same (4EFC590696CB15B87C73A3AD82CC8797C838DCFD). The only thing that should be different is the expiry date.
4. Replace old key with new key
root@d13:~# mv zabbly.asc /etc/apt/keyrings/zabbly.asc
After that, you’re done, the system will be able to apply package updates for the next 5 years 
Thanks @jarrodu for noticing the nearing expiry!